Python debugger

By the way, if you’ve never used Python’s debugger, it really is as simple as adding a call to the built-in function breakpoint() at the point you want it to stop.

Flask on Elastic Beanstalk

I had a play with Elastic Beanstalk the other day. It’s one of those things people turn their noses up at, but it seems pretty good for prototyping and small things. My biggest issue so far has been that, for Python applications, it expects a WSGI callable called application in the file application.py… but I was using Flask, and every single Flask application ever has a WSGI callable called app in the file app.py. I tried to not care, but it got too much after about an hour so I went and found how to override it:

$ cat .ebextensions/01_wsgi.config
option_settings:
  aws:elasticbeanstalk:container:python:
    WSGIPath: "app:app"

Thank you Nik Tomazic for that! (=⌒‿‿⌒=)

The other AWS IAM SSO problem

The other thing you’ll run into using IAM users in AWS CLI is that a lot of things don’t support SSO sessions anyway. If you configure an IAM user with an SSO session name as recommended you’ll get errors like this:

$ eb init -p python-3.8 eb-flask-app
ERROR: InvalidConfigError - The profile "default" is configured to use SSO but is missing required configuration: sso_start_url, sso_region

and this:

$ terraform apply
| Error: configuring Terraform AWS Provider: loading configuration: profile "default" is configured to use SSO but is missing required configuration: sso_region, sso_start_url

You can fix these by configuring without an SSO session:

$ aws configure sso
SSO session name (Recommended): 
WARNING: Configuring using legacy format (e.g. without an SSO session).
Consider re-running "configure sso" command and providing a session name.
SSO start URL [None]: https://whatever.awsapps.com/start
SSO region [None]: us-east-1
 ...

You can also fix them by just editing your ~/.aws/config, and copying the sso_start_url and sso_region keys from the [sso-session ...] section into the relevant user’s section, but that might be a hack too far!

Using AWS CLI with IAM users

When you configure AWS CLI to use an IAM user, the first thing it asks for is an SSO session name. Don’t put whitespace or punctuation in it. The command doesn’t tell you this, but it’s going to use what you enter as an identifier, and fail with a cryptic error:

$ aws configure sso
SSO session name (Recommended): AWS CLI on Gary's Chromebook
SSO start URL [None]: https://whatever.awsapps.com/start
SSO region [None]: us-east-1
SSO registration scopes [sso:account:access]:

An error occurred (InvalidClientMetadataException) when calling the RegisterClient operation:

You need to put something like “gbenson” in there.

sed trick

I discovered a new sed trick today:

sed -i~

“I” stands for “in place”. It edits the files in place! And makes a backup if you want!

Container debugging minihint

What’s in my container?

$ podman ps --ns
CONTAINER ID  NAMES            PID    CGROUPNS  IPC         MNT         NET         PIDNS       USERNS      UTS
fe11359293e8  eloquent_austin  11090            4026532623  4026532621  4026532421  4026532624  4026531837  4026532622

$ sudo ls -l /proc/11090/root/
total 22628
lrwxrwxrwx.   1 root root        7 Jul 25  2019 bin -> usr/bin
dr-xr-xr-x.   2 root root        6 Jul 25  2019 boot
drwxr-xr-x.   5 root root      360 Jan 24 12:03 dev
drwxr-xr-x.   1 root root      183 Jan 23 16:43 etc
 ...

Thank you.
[28 Jan@1135UTC] UPDATE—Actually, this doesn’t seem to work with newer systems, sorry!

GNOME 3 won’t unlock

Every couple days something on my RHEL 7 box goes into a swapstorm and uses up all the memory. I think it’s Firefox, but I never figured out why, generally I have four different Firefoxes running with four different profiles, so it’s hard to tell which one’s failing (if it even is that). Anyway, sometimes it makes the screen lock crash or something, and I can’t get in, and I can never remember what process you have to kill to get back in, so here it is: gnome-shell. You have to killall -9 gnome-shell, and it lets you back in. Also killall -STOP firefox and killall -STOP "Web Content" are handy if the swapstorm is still under way.

Building GDB on a freshly installed machine FAQ

So you just installed Fedora, RHEL or CentOS and now you want to build GDB from source.

How do you make sure everything you need to build it is installed?
```
# dnf builddep gdb
```
Did it say, No such command: builddep? Do this, then try again:
```
# dnf install dnf-plugins-core
```
Did it say, dnf: command not found…? You’re using yum, try this:
```
# yum-builddep gdb
```
Did it say, yum-builddep: command not found…? Do this, then try again:
```
# yum install yum-utils
```

Thank you, you’re welcome.

Python hacking

Python‘s had this handy logging module since July 2003. A lot of things use it, so if you’re trying to understand or debug some Python code then a handy snippet to insert somewhere is:

import logging
logging.basicConfig(level=1)

Those two lines cause all loggers to log everything to the console. Check out the logging.basicConfig docs to see what else you could do.

“Reformat the filesystem to enable support”

Apparently it’s been a while since I ran containers on my office computer—and by a while, I mean, since November 2016—because if your initial install was RHEL or CentOS 7.2 or older then neither Docker nor Podman will work:

# yum -q -y install podman skopeo buildah
# podman pull registry.access.redhat.com/ubi7/ubi
Error: could not get runtime: kernel does not support overlay fs: overlay: the backing xfs filesystem is formatted without d_type support, which leads to incorrect behavior. Reformat the filesystem with ftype=1 to enable d_type support. Running without d_type is not supported.: driver not supported

So… ugh. I didn’t have any disks it’d work on either:

# for i in $(awk '{ if ($3 == "xfs") print $2 }' /etc/mtab); do xfs_info $i; done | grep ftype
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0

I didn’t reformat anything though. podman pull wants overlayFS on /var/run/containers/storage, and buildah bud wants it on /var/lib/containers/storage. I made loopback disks for both:

Find/make space somewhere, then create a directory to put the images in:
```
# mkdir -p /store/containers
```
Create a big file, whatever size you want, for the disk image. I made mine 20GiB. It took a couple minutes, my disks are slow:
```
# dd if=/dev/zero of=/store/containers/var_lib_containers.img bs=1M count=20K
```

Find a free loop device and associate the file to it:

# losetup -f /dev/loop1
# losetup /dev/loop1 /store/containers/var_lib_containers.img

Format the “device”, then detach it from the file:

# mkfs -t xfs -n ftype=1 /dev/loop1
# losetup -d /dev/loop1

Mount the “disk”, and see if it worked:

# mount -oloop /store/containers/var_lib_containers.img /var/lib/containers
# df -h /var/lib/containers
Filesystem      Size  Used Avail Use% Mounted on
/dev/loop1       20G   33M   20G   1% /var/lib/containers

It worked? Make it permanent:

# echo "/store/containers/var_lib_containers.img /var/lib/containers xfs defaults,loop 1 2" >> /etc/fstab

Rinse and repeat for the other drive it needed. Then try again:

# podman pull registry.access.redhat.com/ubi7/ubi
Trying to pull registry.access.redhat.com/ubi7/ubi...Getting image
source signatures
Copying blob bff3b73cbcc4 done
Copying blob 7b1c937e0f67 done
Copying config 6fecccc91c done
Writing manifest to image destination
Storing signatures
6fecccc91c83e11ae4fede6793e9410841221d4779520c2b9e9fb7f7b3830264